From 32ddade22fcea3786b86c087e684c238c1bd4b9c Mon Sep 17 00:00:00 2001 From: Parker Date: Sun, 7 Feb 2021 01:05:38 +0800 Subject: [PATCH] =?UTF-8?q?=E8=BD=AF=E9=98=B2=E7=81=AB=E5=A2=99=E6=8F=90?= =?UTF-8?q?=E5=8F=96=E6=88=90springboot=20starter=E6=8F=92=E4=BB=B6?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- opsli-plugins/opsli-plugins-waf/pom.xml | 21 +++++++ .../opsli/plugins/waf}/conf/WafConfig.java | 23 ++++---- .../opsli/plugins}/waf/filter/WafFilter.java | 6 +- .../org/opsli/plugins/waf/msg/WafMsg.java | 55 +++++++++++++++++++ .../plugins/waf/properties/WafProperties.java | 45 +++++++++++++++ .../servlet/WafHttpServletRequestWrapper.java | 6 +- .../opsli/plugins}/waf/util/SQLFilterKit.java | 6 +- .../opsli/plugins}/waf/util/XSSFilterKit.java | 2 +- ...itional-spring-configuration-metadata.json | 47 ++++++++++++++++ .../main/resources/META-INF/spring.factories | 1 + 10 files changed, 191 insertions(+), 21 deletions(-) create mode 100644 opsli-plugins/opsli-plugins-waf/pom.xml rename {opsli-base-support/opsli-core/src/main/java/org/opsli/core/autoconfigure => opsli-plugins/opsli-plugins-waf/src/main/java/org/opsli/plugins/waf}/conf/WafConfig.java (67%) rename {opsli-base-support/opsli-core/src/main/java/org/opsli/core => opsli-plugins/opsli-plugins-waf/src/main/java/org/opsli/plugins}/waf/filter/WafFilter.java (94%) create mode 100644 opsli-plugins/opsli-plugins-waf/src/main/java/org/opsli/plugins/waf/msg/WafMsg.java create mode 100644 opsli-plugins/opsli-plugins-waf/src/main/java/org/opsli/plugins/waf/properties/WafProperties.java rename {opsli-base-support/opsli-core/src/main/java/org/opsli/core => opsli-plugins/opsli-plugins-waf/src/main/java/org/opsli/plugins}/waf/servlet/WafHttpServletRequestWrapper.java (97%) rename {opsli-base-support/opsli-core/src/main/java/org/opsli/core => opsli-plugins/opsli-plugins-waf/src/main/java/org/opsli/plugins}/waf/util/SQLFilterKit.java (94%) rename {opsli-base-support/opsli-core/src/main/java/org/opsli/core => opsli-plugins/opsli-plugins-waf/src/main/java/org/opsli/plugins}/waf/util/XSSFilterKit.java (99%) create mode 100644 opsli-plugins/opsli-plugins-waf/src/main/resources/META-INF/additional-spring-configuration-metadata.json create mode 100644 opsli-plugins/opsli-plugins-waf/src/main/resources/META-INF/spring.factories diff --git a/opsli-plugins/opsli-plugins-waf/pom.xml b/opsli-plugins/opsli-plugins-waf/pom.xml new file mode 100644 index 00000000..fa4a2490 --- /dev/null +++ b/opsli-plugins/opsli-plugins-waf/pom.xml @@ -0,0 +1,21 @@ + + + + opsli-plugins + org.opsliframework.boot + 1.0.0 + ../pom.xml + + + 4.0.0 + opsli-plugins-waf + ${project.parent.version} + + + 8 + 8 + + + diff --git a/opsli-base-support/opsli-core/src/main/java/org/opsli/core/autoconfigure/conf/WafConfig.java b/opsli-plugins/opsli-plugins-waf/src/main/java/org/opsli/plugins/waf/conf/WafConfig.java similarity index 67% rename from opsli-base-support/opsli-core/src/main/java/org/opsli/core/autoconfigure/conf/WafConfig.java rename to opsli-plugins/opsli-plugins-waf/src/main/java/org/opsli/plugins/waf/conf/WafConfig.java index 8707b93d..b0a61f4d 100644 --- a/opsli-base-support/opsli-core/src/main/java/org/opsli/core/autoconfigure/conf/WafConfig.java +++ b/opsli-plugins/opsli-plugins-waf/src/main/java/org/opsli/plugins/waf/conf/WafConfig.java @@ -13,12 +13,13 @@ * License for the specific language governing permissions and limitations under * the License. */ -package org.opsli.core.autoconfigure.conf; +package org.opsli.plugins.waf.conf; import cn.hutool.core.convert.Convert; -import org.opsli.core.autoconfigure.properties.GlobalProperties; -import org.opsli.core.waf.filter.WafFilter; +import org.opsli.plugins.waf.filter.WafFilter; +import org.opsli.plugins.waf.properties.WafProperties; import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty; +import org.springframework.boot.context.properties.EnableConfigurationProperties; import org.springframework.boot.web.servlet.FilterRegistrationBean; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; @@ -34,27 +35,27 @@ import javax.servlet.DispatcherType; * @date 2020-10-09 */ @Configuration +@EnableConfigurationProperties(WafProperties.class) +@ConditionalOnProperty(prefix = WafProperties.PROP_PREFIX, name = "enable", havingValue = "true") public class WafConfig { @Resource - private GlobalProperties globalProperties; + private WafProperties wafProperties; @Bean - @ConditionalOnProperty(prefix = GlobalProperties.PROP_PREFIX +".waf", name = "enable", havingValue = "true", matchIfMissing = false) public FilterRegistrationBean wafFilterRegistration() { WafFilter wafFilter = new WafFilter(); - wafFilter.setUrlExclusion(globalProperties.getWaf().getUrlExclusion()); - wafFilter.setEnableSqlFilter(globalProperties.getWaf().isSqlFilter()); - wafFilter.setEnableXssFilter(globalProperties.getWaf().isXssFilter()); + wafFilter.setUrlExclusion(wafProperties.getUrlExclusion()); + wafFilter.setEnableSqlFilter(wafProperties.isSqlFilter()); + wafFilter.setEnableXssFilter(wafProperties.isXssFilter()); FilterRegistrationBean registration = new FilterRegistrationBean<>(); registration.setDispatcherTypes(DispatcherType.REQUEST); registration.setFilter(wafFilter); - registration.addUrlPatterns(Convert.toStrArray(globalProperties.getWaf().getUrlPatterns())); + registration.addUrlPatterns(Convert.toStrArray(wafProperties.getUrlPatterns())); registration.setName(WafFilter.class.getSimpleName()); - registration.setOrder(globalProperties.getWaf().getOrder()); + registration.setOrder(wafProperties.getOrder()); return registration; } - } diff --git a/opsli-base-support/opsli-core/src/main/java/org/opsli/core/waf/filter/WafFilter.java b/opsli-plugins/opsli-plugins-waf/src/main/java/org/opsli/plugins/waf/filter/WafFilter.java similarity index 94% rename from opsli-base-support/opsli-core/src/main/java/org/opsli/core/waf/filter/WafFilter.java rename to opsli-plugins/opsli-plugins-waf/src/main/java/org/opsli/plugins/waf/filter/WafFilter.java index 4ae084c1..d0a06512 100644 --- a/opsli-base-support/opsli-core/src/main/java/org/opsli/core/waf/filter/WafFilter.java +++ b/opsli-plugins/opsli-plugins-waf/src/main/java/org/opsli/plugins/waf/filter/WafFilter.java @@ -13,15 +13,15 @@ * License for the specific language governing permissions and limitations under * the License. */ -package org.opsli.core.waf.filter; +package org.opsli.plugins.waf.filter; -import org.opsli.core.waf.servlet.WafHttpServletRequestWrapper; + +import org.opsli.plugins.waf.servlet.WafHttpServletRequestWrapper; import javax.servlet.*; import javax.servlet.http.HttpServletRequest; import java.io.IOException; -import java.util.List; import java.util.Set; /** diff --git a/opsli-plugins/opsli-plugins-waf/src/main/java/org/opsli/plugins/waf/msg/WafMsg.java b/opsli-plugins/opsli-plugins-waf/src/main/java/org/opsli/plugins/waf/msg/WafMsg.java new file mode 100644 index 00000000..088cfb6e --- /dev/null +++ b/opsli-plugins/opsli-plugins-waf/src/main/java/org/opsli/plugins/waf/msg/WafMsg.java @@ -0,0 +1,55 @@ +/** + * Copyright 2020 OPSLI 快速开发平台 https://www.opsli.com + *

+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not + * use this file except in compliance with the License. You may obtain a copy of + * the License at + *

+ * http://www.apache.org/licenses/LICENSE-2.0 + *

+ * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the + * License for the specific language governing permissions and limitations under + * the License. + */ +package org.opsli.plugins.waf.msg; + +import org.opsli.common.base.msg.BaseMsg; + +/** + * @BelongsProject: opsli-boot + * @BelongsPackage: org.opsli.plugins.mail.msg + * @Author: Parker + * @CreateTime: 2020-09-13 19:54 + * @Description: Excel 消息 + */ +public enum WafMsg implements BaseMsg { + + /** + * 防火墙 + */ + WAF_EXCEPTION_XSS(10500, "包含非法字符!"), + WAF_EXCEPTION_SQL(10501, "包含非法字符!"), + + ; + + + private final int code; + private final String message; + + WafMsg(int code, String message){ + this.code = code; + this.message = message; + } + + @Override + public Integer getCode() { + return this.code; + } + + @Override + public String getMessage() { + return this.message; + } +} diff --git a/opsli-plugins/opsli-plugins-waf/src/main/java/org/opsli/plugins/waf/properties/WafProperties.java b/opsli-plugins/opsli-plugins-waf/src/main/java/org/opsli/plugins/waf/properties/WafProperties.java new file mode 100644 index 00000000..5c8d3c36 --- /dev/null +++ b/opsli-plugins/opsli-plugins-waf/src/main/java/org/opsli/plugins/waf/properties/WafProperties.java @@ -0,0 +1,45 @@ +package org.opsli.plugins.waf.properties; + +import lombok.AllArgsConstructor; +import lombok.Data; +import lombok.EqualsAndHashCode; +import lombok.NoArgsConstructor; +import org.springframework.boot.context.properties.ConfigurationProperties; + +import java.util.Set; + +/** + * 软防火墙 + * + * @author Parker + * @date 2020-12-19 + */ +@ConfigurationProperties(prefix = WafProperties.PROP_PREFIX) +@Data +@NoArgsConstructor +@AllArgsConstructor +@EqualsAndHashCode(callSuper = false) +public class WafProperties { + + public static final String PROP_PREFIX = "opsli.waf"; + + + /** 是否生效 */ + private boolean enable; + + /** xss 过滤 */ + private boolean xssFilter; + + /** sql 过滤 */ + private boolean sqlFilter; + + /** 过滤器需要过滤的路径 */ + private Set urlPatterns; + + /** 过滤器需要排除过滤的路径 */ + private Set urlExclusion; + + /** 过滤器的优先级,值越小优先级越高 */ + private int order; + +} diff --git a/opsli-base-support/opsli-core/src/main/java/org/opsli/core/waf/servlet/WafHttpServletRequestWrapper.java b/opsli-plugins/opsli-plugins-waf/src/main/java/org/opsli/plugins/waf/servlet/WafHttpServletRequestWrapper.java similarity index 97% rename from opsli-base-support/opsli-core/src/main/java/org/opsli/core/waf/servlet/WafHttpServletRequestWrapper.java rename to opsli-plugins/opsli-plugins-waf/src/main/java/org/opsli/plugins/waf/servlet/WafHttpServletRequestWrapper.java index 4e69363e..b3e67ccd 100644 --- a/opsli-base-support/opsli-core/src/main/java/org/opsli/core/waf/servlet/WafHttpServletRequestWrapper.java +++ b/opsli-plugins/opsli-plugins-waf/src/main/java/org/opsli/plugins/waf/servlet/WafHttpServletRequestWrapper.java @@ -13,13 +13,13 @@ * License for the specific language governing permissions and limitations under * the License. */ -package org.opsli.core.waf.servlet; +package org.opsli.plugins.waf.servlet; import com.google.common.collect.Lists; import lombok.extern.slf4j.Slf4j; import org.opsli.common.constants.TokenConstants; -import org.opsli.core.waf.util.SQLFilterKit; -import org.opsli.core.waf.util.XSSFilterKit; +import org.opsli.plugins.waf.util.SQLFilterKit; +import org.opsli.plugins.waf.util.XSSFilterKit; import org.springframework.util.StreamUtils; import org.springframework.util.StringUtils; diff --git a/opsli-base-support/opsli-core/src/main/java/org/opsli/core/waf/util/SQLFilterKit.java b/opsli-plugins/opsli-plugins-waf/src/main/java/org/opsli/plugins/waf/util/SQLFilterKit.java similarity index 94% rename from opsli-base-support/opsli-core/src/main/java/org/opsli/core/waf/util/SQLFilterKit.java rename to opsli-plugins/opsli-plugins-waf/src/main/java/org/opsli/plugins/waf/util/SQLFilterKit.java index 7e68c33a..ece6740d 100644 --- a/opsli-base-support/opsli-core/src/main/java/org/opsli/core/waf/util/SQLFilterKit.java +++ b/opsli-plugins/opsli-plugins-waf/src/main/java/org/opsli/plugins/waf/util/SQLFilterKit.java @@ -13,10 +13,10 @@ * License for the specific language governing permissions and limitations under * the License. */ -package org.opsli.core.waf.util; +package org.opsli.plugins.waf.util; import org.opsli.common.exception.WafException; -import org.opsli.core.msg.CoreMsg; +import org.opsli.plugins.waf.msg.WafMsg; import org.springframework.util.StringUtils; /** @@ -51,7 +51,7 @@ public final class SQLFilterKit { //判断是否包含非法字符 for (String keyword : keywords) { if (str.contains(keyword)) { - throw new WafException(CoreMsg.WAF_EXCEPTION_SQL); + throw new WafException(WafMsg.WAF_EXCEPTION_SQL); } } return str; diff --git a/opsli-base-support/opsli-core/src/main/java/org/opsli/core/waf/util/XSSFilterKit.java b/opsli-plugins/opsli-plugins-waf/src/main/java/org/opsli/plugins/waf/util/XSSFilterKit.java similarity index 99% rename from opsli-base-support/opsli-core/src/main/java/org/opsli/core/waf/util/XSSFilterKit.java rename to opsli-plugins/opsli-plugins-waf/src/main/java/org/opsli/plugins/waf/util/XSSFilterKit.java index 9e6d3bdb..9a1e8253 100644 --- a/opsli-base-support/opsli-core/src/main/java/org/opsli/core/waf/util/XSSFilterKit.java +++ b/opsli-plugins/opsli-plugins-waf/src/main/java/org/opsli/plugins/waf/util/XSSFilterKit.java @@ -13,7 +13,7 @@ * License for the specific language governing permissions and limitations under * the License. */ -package org.opsli.core.waf.util; +package org.opsli.plugins.waf.util; import org.apache.commons.lang3.StringUtils; diff --git a/opsli-plugins/opsli-plugins-waf/src/main/resources/META-INF/additional-spring-configuration-metadata.json b/opsli-plugins/opsli-plugins-waf/src/main/resources/META-INF/additional-spring-configuration-metadata.json new file mode 100644 index 00000000..7656eefa --- /dev/null +++ b/opsli-plugins/opsli-plugins-waf/src/main/resources/META-INF/additional-spring-configuration-metadata.json @@ -0,0 +1,47 @@ +{ + "properties": [ + { + "name": "opsli.waf.enable", + "sourceType": "org.opsli.plugins.waf.properties.WafProperties", + "type": "java.lang.Boolean", + "defaultValue": false, + "description": "软防火墙是否开启." + }, + { + "name": "opsli.waf.xss-filter", + "sourceType": "org.opsli.plugins.waf.properties.WafProperties", + "type": "java.lang.Boolean", + "defaultValue": false, + "description": "软防火墙 xss 过滤开启状态." + }, + { + "name": "opsli.waf.sql-filter", + "sourceType": "org.opsli.plugins.waf.properties.WafProperties", + "type": "java.lang.Boolean", + "defaultValue": false, + "description": "软防火墙 sql 过滤开启状态." + }, + { + "name": "opsli.waf.url-patterns", + "sourceType": "org.opsli.plugins.waf.properties.WafProperties", + "type": "java.util.Set", + "defaultValue": [ + "/*" + ], + "description": "软防火墙 过滤器需要过滤的路径." + }, + { + "name": "opsli.waf.url-exclusion", + "sourceType": "org.opsli.plugins.waf.properties.WafProperties", + "type": "java.util.Set", + "description": "软防火墙 过滤器需要排除过滤的路径." + }, + { + "name": "opsli.waf.order", + "sourceType": "org.opsli.plugins.waf.properties.WafProperties", + "type": "java.lang.Integer", + "defaultValue": 0, + "description": "软防火墙 过滤器的优先级,值越小优先级越高." + } + ] +} diff --git a/opsli-plugins/opsli-plugins-waf/src/main/resources/META-INF/spring.factories b/opsli-plugins/opsli-plugins-waf/src/main/resources/META-INF/spring.factories new file mode 100644 index 00000000..e425cf5e --- /dev/null +++ b/opsli-plugins/opsli-plugins-waf/src/main/resources/META-INF/spring.factories @@ -0,0 +1 @@ +org.springframework.boot.autoconfigure.EnableAutoConfiguration=org.opsli.plugins.waf.conf.WafConfig